Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/KBf8j9UMFoZXwT3u3uJkzZl5f_M.roa
File:                     KBf8j9UMFoZXwT3u3uJkzZl5f_M.roa (raw, json)
Hash identifier:          K4PA6YlD8WQXWWv/0hLPhN8n/YB6Ao189dtLPIDoR0g=
Subject key identifier:   28:17:FC:8F:D5:0C:16:86:57:C1:3D:EE:DE:E2:64:CD:99:79:7F:F3
Certificate issuer:       /CN=4dd1b2587490ad061cb207176bdeec81a531588c
Certificate serial:       018CC86F23AAAC21C9260ECF7FD2125CCFE0
Authority key identifier: 4D:D1:B2:58:74:90:AD:06:1C:B2:07:17:6B:DE:EC:81:A5:31:58:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TdGyWHSQrQYcsgcXa97sgaUxWIw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/KBf8j9UMFoZXwT3u3uJkzZl5f_M.roa
Signing time:             Tue 02 Jan 2024 04:29:35 +0000
ROA not before:           Tue 02 Jan 2024 04:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59605
IP address blocks:        80.231.213.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/TdGyWHSQrQYcsgcXa97sgaUxWIw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/TdGyWHSQrQYcsgcXa97sgaUxWIw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TdGyWHSQrQYcsgcXa97sgaUxWIw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:23:aa:ac:21:c9:26:0e:cf:7f:d2:12:5c:cf:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4dd1b2587490ad061cb207176bdeec81a531588c
        Validity
            Not Before: Jan  2 04:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2817fc8fd50c168657c13deedee264cd99797ff3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:ee:29:40:a7:59:87:37:26:82:82:48:6c:5a:
                    e7:93:67:e5:92:cb:4f:04:e2:63:36:89:3e:f8:e0:
                    cd:95:ab:70:7b:a1:00:50:d7:b6:13:ef:2e:f1:ed:
                    0c:a8:8e:db:04:d7:b2:62:74:b8:04:ef:a9:d3:8e:
                    64:61:20:52:b6:78:a9:af:ad:82:72:c0:90:13:8a:
                    5a:af:db:f7:a7:84:78:1d:1d:2d:fe:ac:cf:cb:5e:
                    0d:54:71:d7:f2:55:12:68:77:31:2e:ac:c9:ce:27:
                    d6:07:21:23:87:93:c0:f4:72:2b:c3:e4:bc:e4:ea:
                    87:25:77:00:8d:db:dc:f9:d6:8a:7d:21:75:ed:15:
                    dc:2f:a7:2d:ca:d6:bc:8f:08:98:46:d8:f4:ea:6b:
                    2a:81:57:b2:4e:e5:58:f5:fa:53:65:1d:da:dc:4a:
                    5f:39:fb:b1:a0:bf:7a:1a:4d:4f:24:be:3b:97:a7:
                    4e:65:5c:62:fd:c7:09:9d:84:c1:da:02:72:47:89:
                    8b:a5:30:b2:60:61:72:88:ac:ee:63:88:3d:3c:20:
                    07:79:1b:6c:d1:13:30:af:10:a3:ce:da:81:73:9b:
                    f6:33:ef:2b:5b:9e:36:71:f4:ce:b6:1b:5e:ac:c8:
                    03:c4:b1:56:d1:4e:59:c3:3b:0d:42:18:18:a6:90:
                    17:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:17:FC:8F:D5:0C:16:86:57:C1:3D:EE:DE:E2:64:CD:99:79:7F:F3
            X509v3 Authority Key Identifier:
                keyid:4D:D1:B2:58:74:90:AD:06:1C:B2:07:17:6B:DE:EC:81:A5:31:58:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TdGyWHSQrQYcsgcXa97sgaUxWIw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/KBf8j9UMFoZXwT3u3uJkzZl5f_M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/TdGyWHSQrQYcsgcXa97sgaUxWIw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.231.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         e7:a0:77:c0:71:f4:cb:7a:60:5c:0a:d7:94:4d:dd:69:ac:6a:
         a4:d0:31:71:a4:bb:d6:0a:fe:27:a7:c8:4b:7b:44:4a:b8:7c:
         f5:2d:7c:28:3f:9f:c0:5d:e1:f4:bb:6a:e6:31:90:c4:6a:27:
         9f:81:a9:a1:18:52:f6:79:38:d0:9d:5e:6d:26:07:d4:2f:d3:
         ed:7e:a1:26:60:bb:28:b1:ca:89:27:9a:1e:96:1b:8f:ba:e7:
         e0:e7:26:10:b1:1b:aa:72:b3:64:7c:bd:ec:8c:08:44:bc:ff:
         16:88:49:09:55:18:76:6f:d5:4b:39:dc:a0:20:6c:b0:85:3b:
         64:d2:0e:6a:2e:3d:9e:c4:d7:aa:6e:24:4b:fc:e2:bc:b5:bf:
         59:7b:aa:9e:d9:20:c5:56:27:2f:9b:df:b1:da:28:37:cb:6c:
         52:5a:76:77:f4:cb:00:1f:c8:91:ff:5a:84:e5:0f:c4:4f:f0:
         34:ab:ef:2a:a1:30:2f:02:0d:a0:4c:dc:c3:70:57:6a:a1:63:
         e2:61:a5:b9:25:05:04:fa:4c:43:f8:6f:4e:62:29:97:62:7f:
         9f:2e:e7:93:cd:6b:bf:18:05:ff:38:f4:ed:b0:64:ae:61:f5:
         c5:2f:52:8d:49:fa:25:75:20:fd:9b:21:d2:3c:5f:d8:89:91:
         24:c0:7b:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbyOqrCHJJg7Pf9ISXM/gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZDFiMjU4NzQ5MGFkMDYxY2IyMDcxNzZiZGVlYzgxYTUz
MTU4OGMwHhcNMjQwMTAyMDQyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODE3ZmM4ZmQ1MGMxNjg2NTdjMTNkZWVkZWUyNjRjZDk5Nzk3ZmYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAie4pQKdZhzcmgoJIbFrnk2flkstP
BOJjNok++ODNlatwe6EAUNe2E+8u8e0MqI7bBNeyYnS4BO+p045kYSBStnipr62C
csCQE4par9v3p4R4HR0t/qzPy14NVHHX8lUSaHcxLqzJzifWByEjh5PA9HIrw+S8
5OqHJXcAjdvc+daKfSF17RXcL6ctyta8jwiYRtj06msqgVeyTuVY9fpTZR3a3Epf
OfuxoL96Gk1PJL47l6dOZVxi/ccJnYTB2gJyR4mLpTCyYGFyiKzuY4g9PCAHeRts
0RMwrxCjztqBc5v2M+8rW542cfTOthterMgDxLFW0U5ZwzsNQhgYppAX5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCgX/I/VDBaGV8E97t7iZM2ZeX/zMB8GA1UdIwQY
MBaAFE3Rslh0kK0GHLIHF2ve7IGlMViMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGRHeVdIU1FyUVljc2djWGE5N3NnYVV4V0l3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8wMWQyYWYtMWYyMS00YjgwLWI2NjUt
ZGI0NjNjNWZiMGI0LzEvS0JmOGo5VU1Gb1pYd1QzdTN1Smt6Wmw1Zl9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8wMWQyYWYtMWYyMS00YjgwLWI2NjUtZGI0NjNjNWZiMGI0
LzEvVGRHeVdIU1FyUVljc2djWGE5N3NnYVV4V0l3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUOfVMA0G
CSqGSIb3DQEBCwUAA4IBAQDnoHfAcfTLemBcCteUTd1prGqk0DFxpLvWCv4np8hL
e0RKuHz1LXwoP5/AXeH0u2rmMZDEaiefgamhGFL2eTjQnV5tJgfUL9PtfqEmYLso
scqJJ5oelhuPuufg5yYQsRuqcrNkfL3sjAhEvP8WiEkJVRh2b9VLOdygIGywhTtk
0g5qLj2exNeqbiRL/OK8tb9Ze6qe2SDFVicvm9+x2ig3y2xSWnZ39MsAH8iR/1qE
5Q/ET/A0q+8qoTAvAg2gTNzDcFdqoWPiYaW5JQUE+kxD+G9OYimXYn+fLueTzWu/
GAX/OPTtsGSuYfXFL1KNSfoldSD9myHSPF/YiZEkwHvZ
-----END CERTIFICATE-----